WannaCry Exposes Extent of Cyber Crime Threat to Small Business

Monday, 12 June 2017

Just how big a threat is cyber crime to small businesses? Unfortunately, the issue receives precious little attention in the mainstream media, which tends only to report the biggest attacks against the biggest organisations.

Just how big a threat is cyber crime to small businesses? Unfortunately, the issue receives precious little attention in the mainstream media, which tends only to report the biggest attacks against the biggest organisations.

As a result, it is dangerously easy for small business owners to be lulled into a false sense of security - isn’t hacking something which only affects big, super rich businesses with plenty of loot for the perpetrators to target?

Sadly, that just isn’t the reality of the situation. The recent well-publicised WannaCry attack provides an ideal example. Although reports focused on how this so-called ransomware ‘worm’ affected the likes of the NHS, FedEx and Telefonica, many of the tens of thousands of victims across 150 countries were in fact small businesses. Targeting small businesses is nothing unusual for ransomware attacks.

Evolving Threat

WannaCry offers an exemplary case study for a number of reasons. For one, it underlines how the nature of that threat is always evolving, and how hard it is to keep on top of IT security.

Before WannaCry, most ransomware attacks - so called because hackers demand money for removing the threat - were carried out as phishing attacks with malware planted in rogue emails. But WannaCry was different. Launched on 12 May 2017, WannaCry made use of a known weakness in Microsoft Windows operating systems to infect computers and spread automatically.

Once the worm was in place, it encrypted the infected systems, making them inaccessible to users. The cyber criminals responsible then demanded a ransom for unlocking the encryption.

Unfortunately, small businesses are not always able to invest in up-to-date IT infrastructure. They are also less likely to employ qualified IT specialists, and to stay on top of the latest threats and the security updates available. This leaves smaller business woefully exposed to cyber attacks.

Vigilance

Whatever the size of the business, staying safe from cyber attacks requires vigilance. In an ideal world, everyone would keep up to date with the very latest systems and applications, which by definition have the very latest security protocols inbuilt. But that simply is not practical for many businesses, especially given the rate of development in technology.

But as a minimum, small businesses can increase their protection levels by keeping on top of the following:

●Keep up with the latest patches and security releases for your systems, making it a part of your maintenance routine to check for and install updates.

●Ensure that every device which accesses your network is protected with anti-malware and that it too is kept up to date.

●Check that the firewalls on your network are properly installed, up to date and adequate for your needs, and block any ports which are not absolutely necessary for your business.

Turning back to WannaCry, Microsoft has now released security updates which close the known vulnerability in Windows, including for the otherwise unsupported XP. But what it cannot do is go round installing those patches on every single computer that needs it. This is where IT security becomes the responsibility of each individual owner, and underlines the need for small businesses to be aware and vigilant. Until every exposed Windows OS and server has the patch installed, WannaCry will still be out there, putting businesses at risk.

And in the meantime, the hackers behind it will be looking for ways to update its threat and make it even more potent.

Contact us today to find out how Pisys.net can help with your IT security and protect your business.